Version: 1.2.0.0

stix.report Module

Overview

The stix.report module implements Report.

A Report defines a contextual wrapper for a grouping of STIX content.

Documentation Resources

Classes

class stix.report.Report(id_=None, idref=None, timestamp=None, header=None, courses_of_action=None, exploit_targets=None, indicators=None, observables=None, incidents=None, threat_actors=None, ttps=None, campaigns=None, related_reports=None)

Bases: stix.base.Entity

A STIX Report Object.

Parameters:
  • id_ (optional) – An identifier. If None, a value will be generated via stix.utils.create_id(). If set, this will unset the idref property.
  • idref (optional) – An identifier reference. If set this will unset the id_ property.
  • timestamp (optional) – A timestamp value. Can be an instance of datetime.datetime or str.
  • header – A Report Header object.
  • campaigns – A collection of Campaign objects.
  • course_of_action – A collection of CourseOfAction objects.
  • exploit_targets – A collection of ExploitTarget objects.
  • incidents – A collection of Incident objects.
  • indicators – A collection of Indicator objects.
  • threat_actors – A collection of ThreatActor objects.
  • ttps – A collection of TTP objects.
  • related_reports – A collection of RelatedReport objects.
add(entity)

Adds entity to a top-level collection. For example, if entity is an Indicator object, the entity will be added to the indicators top-level collection.

add_campaign(campaign)

Adds a Campaign object to the campaigns collection.

add_course_of_action(course_of_action)

Adds an CourseOfAction object to the courses_of_action collection.

add_exploit_target(exploit_target)

Adds an ExploitTarget object to the exploit_targets collection.

add_incident(incident)

Adds an Incident object to the incidents collection.

add_indicator(indicator)

Adds an Indicator object to the indicators collection.

add_observable(observable)

Adds an Observable object to the observables collection.

If observable is not an Observable instance, an effort will be made to convert it to one.

Adds an RelatedReport object to the related_reports collection.

add_threat_actor(threat_actor)

Adds an ThreatActor object to the threat_actors collection.

add_ttp(ttp)

Adds an TTP object to the ttps collection.

campaigns

The top-level Campaign collection. This behaves like a MutableSequence type.

courses_of_action

The top-level CourseOfAction collection. This behaves like a MutableSequence type.

exploit_targets

The top-level ExploitTarget collection. This behaves like a MutableSequence type.

header

The Header section for the Report.

id_

A globally unique identifier for this Report. By default, one will be generated automatically.

idref

A reference to another Report identifier. Setting this will unset any previous id values.

incidents

The top-level Incident collection. This behaves like a MutableSequence type.

indicators

The top-level Indicator collection. This behaves like a MutableSequence type.

observables

The top-level Observable collection. This behaves like a MutableSequence type.

related_reports

The top-level RelatedReports collection. This behaves like a MutableSequence type.

threat_actors

The top-level ThreatActor collection. This behaves like a MutableSequence type.

timestamp

Specifies a timestamp for the definition of this specific Report object.

ttps

The top-level TTP collection. This behaves like a MutableSequence type.